Class: RoleBasedAuthorization::Rule
- Inherits: Object
  - Object
    - RoleBasedAuthorization::Rule
- Defined in: lib/role_based_authorization/rule.rb
Overview
Models an authorization rule. A rule is a triplet <roles, cond, object_id>. A rule matches if the user's role is in roles and cond (if not nil) is satisfied when objects are retrieved using object_id.
Instance Method Summary
- #initialize(roles, cond, object_id) ⇒ Rule (constructor): rule initialization.
- #inspect ⇒ Object: string representation for this rule.
- #match(user, objects) ⇒ Object: return true if this rule matches the given user and objects.
Constructor Details
#initialize(roles, cond, object_id) ⇒ Rule
rule initialization. roles is mandatory, cond is optional, object_id defaults to :id if nil.
    # File 'lib/role_based_authorization/rule.rb', line 9
    def initialize roles, cond, object_id
      roles = [roles] unless roles.respond_to? :each

      @roles = roles
      @cond = cond
      @object_id = object_id || :id
    end
Instance Method Details
#inspect ⇒ Object
string representation for this rule
    # File 'lib/role_based_authorization/rule.rb', line 35
    def inspect
      str = "rule(#{self.object_id}): allow roles [" + @roles.join(',') + "]"
      str += " (only under condition object_id will be retrieved using '#{@object_id}')" if @cond

      str
    end
#match(user, objects) ⇒ Object
return true if this rule matches the given user and objects
    # File 'lib/role_based_authorization/rule.rb', line 18
    def match(user, objects)
      AUTHORIZATION_LOGGER.debug('trying '+self.inspect)

      matching = @roles.include?(:all)

      # checking for right role (no need to check them if already matching)
      matching = !@roles.find { |role| !user.nil? && role == user.role }.nil? if !matching

      if @cond.nil?
        return matching
      else
        # to have a proper match, also the condition must hold
        return matching && @cond.call(user,objects[@object_id])
      end
    end
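A usage sketch for the <roles, cond, object_id> triplet and #match, added here as an example and not taken from the gem. It shows that a rule with role :all still calls cond when user is nil. The User struct, DOCS table, OWNS_DOC condition, RULES table and allowed? helper are assumptions; the Rule class is a condensed copy of the code on this page with the logging call dropped so the block runs stand-alone.

```ruby
module RoleBasedAuthorization
  # Condensed copy of the Rule class shown on this page (debug logging omitted).
  class Rule
    def initialize(roles, cond, object_id)
      roles = [roles] unless roles.respond_to?(:each)
      @roles, @cond, @object_id = roles, cond, object_id || :id
    end

    def match(user, objects)
      matching = @roles.include?(:all)
      matching = !@roles.find { |role| !user.nil? && role == user.role }.nil? unless matching
      return matching if @cond.nil?
      matching && @cond.call(user, objects[@object_id])
    end
  end
end

# Constructed sample data (assumption): users expose #id and #role.
User = Struct.new(:id, :role)
DOCS = { 7 => { owner_id: 1 }, 8 => { owner_id: 2 } }.freeze

# Condition: the user must own the document. A rule with role :all still
# calls cond when user is nil, so the lambda rejects nil users itself.
OWNS_DOC = lambda do |user, doc_id|
  doc = DOCS[doc_id]
  !user.nil? && !doc.nil? && doc[:owner_id] == user.id
end

Rule = RoleBasedAuthorization::Rule
RULES = {
  show:   [Rule.new(:all, nil, nil)],                 # anyone, even anonymous
  edit:   [Rule.new(:admin, nil, nil),                # admins, unconditionally
           Rule.new(:editor, OWNS_DOC, :doc_id)],     # editors, own docs only
  delete: [Rule.new(:all, OWNS_DOC, nil)]             # owner; object_id => :id
}.freeze

# Hypothetical helper: access is granted if any rule for the action matches.
def allowed?(action, user, objects)
  RULES.fetch(action, []).any? { |rule| rule.match(user, objects) }
end
```

An action with no rules is denied, because an empty rule list can never match.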